Exemple #1
        /// <summary>
        /// Logs one entry through <c>Debug.Log</c>, wrapped in a rich-text color tag
        /// selected by <paramref name="attr"/>.
        /// </summary>
        /// <param name="attr">Entry kind; picks the color name written into the tag.</param>
        /// <param name="timestamp">Text emitted directly in front of <paramref name="text"/>.</param>
        /// <param name="text">Message body.</param>
        /// <remarks>
        /// <paramref name="timestamp"/> and <paramref name="text"/> are placed inside the markup
        /// as-is, so any rich-text tags they contain become part of the logged string.
        /// An <paramref name="attr"/> other than the four handled values yields an empty color name.
        /// </remarks>
        void AddEditorText(ATTR attr, string timestamp, string text)
        {
            string colorName;

            if (attr == ATTR.TITLE)
            {
                colorName = "white";
            }
            else if (attr == ATTR.OK)
            {
                colorName = "#aaf";
            }
            else if (attr == ATTR.NG)
            {
                colorName = "red";
            }
            else if (attr == ATTR.INFO)
            {
                colorName = "#ccc";
            }
            else
            {
                // Unhandled kinds keep the empty color, exactly as the tag is built below.
                colorName = "";
            }

            Debug.Log(string.Concat("<color=", colorName, ">", timestamp, text, "</color>\n"));
        }
 /// <summary>
 /// Prints the nine stat members to the console as three rows of three,
 /// with a blank line before and after the table.
 /// </summary>
 public void FDE_PrintStats()
 {
     Console.WriteLine();

     // Each row is formatted and written before the next row's members are read.
     string firstRow = string.Format("INT:{0}   REF:{1}   TECH:{2}", INT.ToString(), REF.ToString(), TECH.ToString());
     Console.WriteLine(firstRow);

     string secondRow = string.Format("COOL:{0}  ATTR:{1}  LUCK:{2}", COOL.ToString(), ATTR.ToString(), LUCK.ToString());
     Console.WriteLine(secondRow);

     string thirdRow = string.Format("MA:{0}    BODY:{1}  EMP:{2}", MA.ToString(), BODY.ToString(), EMP.ToString());
     Console.WriteLine(thirdRow);

     Console.WriteLine();
 }
        /// <summary>
        /// Binds to WritableDC1 as ParentDomainAdmin, calls DrsVerifyNames (V1 request,
        /// DRS_VERIFY_DSNAMES) for the DSNAME of the server's site object, then unbinds.
        /// Each of the three calls is asserted to return 0.
        /// </summary>
        public void DRSR_DRSVerifyNames_Verify_Dsnames()
        {
            DrsrTestChecker.Check();

            // Target DC and its server record from the environment configuration.
            EnvironmentConfig.Machine targetDc = EnvironmentConfig.Machine.WritableDC1;
            DsServer dcInfo = (DsServer)EnvironmentConfig.MachineStore[targetDc];

            uint bindStatus = drsTestClient.DrsBind(
                targetDc,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            BaseTestSite.Assert.AreEqual<uint>(
                0,
                bindStatus,
                "IDL_DRSBind: Checking return value - got: {0}, expect: {1}, return value should always be 0 with a success bind to DC",
                bindStatus,
                0);

            // The name to verify: the DSNAME of the site object, looked up over LDAP.
            string siteDn = dcInfo.Site.DN;
            DSNAME siteName = ldapAdapter.GetDsName(dcInfo, siteDn).Value;

            SCHEMA_PREFIX_TABLE prefixes = OIDUtility.CreatePrefixTable();

            // Required-attributes block: a single RDN attribute carrying one ATTRVAL built from null.
            uint rdnAttid = OIDUtility.MakeAttid(prefixes, DRSConstants.RDN_OID);

            ATTRVAL emptyValue = DrsuapiClient.CreateATTRVAL(null);
            ATTRVALBLOCK valueBlock = DrsuapiClient.CreateATTRVALBLOCK(new ATTRVAL[] { emptyValue });
            ATTR rdnAttr = DrsuapiClient.CreateATTR(rdnAttid, valueBlock);
            ATTRBLOCK requiredAttrs = DrsuapiClient.CreateATTRBLOCK(new ATTR[] { rdnAttr });

            // The RPC under test.
            uint verifyStatus = drsTestClient.DrsVerifyNames(
                targetDc,
                dwInVersion_Values.V1,
                DRS_MSG_VERIFYREQ_V1_dwFlags_Values.DRS_VERIFY_DSNAMES,
                new DSNAME[] { siteName },
                new string[] { siteDn },
                requiredAttrs,
                prefixes);

            BaseTestSite.Assert.AreEqual<uint>(
                0,
                verifyStatus,
                "IDL_DRSVerifyNames: Checking return value - got: {0}, expect: {1}, return value should always be 0",
                verifyStatus,
                0);

            // Release the DRS context handle.
            uint unbindStatus = drsTestClient.DrsUnbind(targetDc);

            BaseTestSite.Assert.AreEqual<uint>(
                0,
                unbindStatus,
                "IDL_DRSUnbind: Checking return value - got: {0}, expect: {1}, return value should always be 0",
                unbindStatus,
                0);
        }
Exemple #4
        /// <summary>
        /// Adds one line of text to the on-screen log: creates a GameObject named "text"
        /// under <c>contentArea</c>, gives it a RectTransform, CanvasRenderer and Text
        /// component, colors it by <paramref name="attr"/> and sets
        /// <c>scrollRect.verticalNormalizedPosition</c> to 0.
        /// </summary>
        /// <param name="attr">Entry kind; selects the text color. Unhandled values leave the color untouched.</param>
        /// <param name="text">String assigned to the Text component.</param>
        /// <remarks>Returns immediately, creating nothing, when <c>gui</c> evaluates to false.</remarks>
        void AddGuiText(ATTR attr, string text)
        {
            if (!gui)
            {
                return;
            }

            const int fontSize = 13;

            GameObject lineObject = new GameObject();
            lineObject.transform.SetParent(contentArea.transform);
            lineObject.name = "text";

            // Both anchors sit at (0, 1); the row is 400 wide and two units taller than the font size.
            RectTransform rect = lineObject.AddComponent<RectTransform>();
            Vector2 anchor = new Vector2(0, 1);
            rect.anchorMin = anchor;
            rect.anchorMax = anchor;
            rect.anchoredPosition = new Vector2(0, 0);
            rect.sizeDelta = new Vector2(400, fontSize + 2);
            rect.pivot = new Vector2(0.5f, 0.5f);

            lineObject.AddComponent<CanvasRenderer>();

            Text label = lineObject.AddComponent<Text>();
            label.text = text;
            label.font = Resources.GetBuiltinResource<Font>("Arial.ttf");
            label.fontSize = fontSize;
            label.alignment = TextAnchor.UpperLeft;

            if (attr == ATTR.TITLE)
            {
                label.color = Color.white;
            }
            else if (attr == ATTR.OK)
            {
                label.color = new Color(0.7f, 0.7f, 1f);
            }
            else if (attr == ATTR.NG)
            {
                label.color = Color.red;
            }
            else if (attr == ATTR.INFO)
            {
                label.color = new Color(0.7f, 0.7f, 0.7f);
            }

            scrollRect.verticalNormalizedPosition = 0;
        }
        /// <summary>
        /// Marks the Employee-Number schema attribute with the kRODC_FAS search flag on
        /// WritableDC1, waits for that schema change to reach the RODC, changes
        /// employeeNumber on a temporary user, and then asks WritableDC1 for changes while
        /// bound as the RODC machine account. The test asserts that the new employeeNumber
        /// value is not present in the reply. "FAS" presumably refers to the RODC filtered
        /// attribute set.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the cleanup steps (deleting the temporary user, resetting searchFlags)
        /// are plain statements, not a finally block. Assuming a failed assertion throws, an
        /// early failure leaves the temporary user and the modified schema flag on the DC.
        /// </remarks>
        public void DRSR_RODC_FAS_Add_Attribute()
        {
            int timeOut = 0;

            DrsrTestChecker.Check();

            EnvironmentConfig.Machine rodcEnum = EnvironmentConfig.Machine.RODC;
            EnvironmentConfig.Machine dc1Enum  = EnvironmentConfig.Machine.WritableDC1;
            DsServer   dc1  = (DsServer)EnvironmentConfig.MachineStore[dc1Enum];
            DsServer   rodc = (DsServer)EnvironmentConfig.MachineStore[rodcEnum];
            ResultCode r    = ResultCode.Other;

            // FAS: first try "Employee-Number"
            string nc = LdapUtility.GetDnFromNcType(dc1, NamingContext.SchemaNC);
            string searchFlagsAttr = "searchFlags";
            string attrDn          = "CN=Employee-Number," + nc;
            string attrName        = "employeeNumber";

            uint searchFlags = 0;

            // wait until FAS is modified on DC01
            // Each pass re-reads searchFlags; the write below is only observed by the next read,
            // so a write made on the final pass is never confirmed before the assertion.
            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                searchFlags = Convert.ToUInt32(
                    ldapAdapter.GetAttributeValueInString(dc1, attrDn, searchFlagsAttr)
                    );

                if ((searchFlags & kRODC_FAS) != 0)
                {
                    BaseTestSite.Log.Add(LogEntryKind.Comment, "FAS already effective.");
                    // the attribute is already in the FAS
                    break;
                }

                // NOTE(review): the value written is kRODC_FAS alone, not (searchFlags | kRODC_FAS).
                // If ModifyAttribute replaces the attribute value, any other searchFlags bits that
                // were set are lost; confirm against the adapter.
                ldapAdapter.ModifyAttribute(dc1, attrDn, new DirectoryAttribute(searchFlagsAttr, kRODC_FAS.ToString()));

                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }

            BaseTestSite.Assert.IsTrue((searchFlags & kRODC_FAS) != 0, "FAS is set successfully on {0}", dc1.NetbiosName);

            // Bind to the RODC as domain admin and request a full sync of the schema NC from DC1.
            uint ret = drsTestClient.DrsBind(rodcEnum, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            // NOTE(review): this and several later checks use Assert rather than BaseTestSite.Assert
            // and carry no message, so a failure here does not say which call failed.
            Assert.IsTrue(ret == 0);
            ret = drsTestClient.DrsReplicaSync(rodcEnum, DrsReplicaSync_Versions.V1, dc1Enum, DRS_OPTIONS.DRS_FULL_SYNC_NOW, false, NamingContext.SchemaNC);
            BaseTestSite.Assert.IsTrue(ret == 0, "Start replica from {0} to {1}.", dc1.NetbiosName, rodc.NetbiosName);

            // wait until FAS is replicated to RODC
            BaseTestSite.Log.Add(LogEntryKind.Comment, "Waiting for FAS to be replicated, searchFlags: {0}", searchFlags);
            bool isReplicated = false;

            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                if (IsObjectReplicated(dc1, rodc, NamingContext.SchemaNC, attrDn))
                {
                    // exit the loop when FAS is replicated to the RODC
                    isReplicated = true;
                    BaseTestSite.Log.Add(LogEntryKind.Comment, "FAS applied.");
                    break;
                }
                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }
            BaseTestSite.Assert.IsTrue(isReplicated, "Replica from {0} succeeded.", dc1.NetbiosName);

            // create the user first if it doesn't exist.
            string userDn = ldapAdapter.TestAddUserObj(dc1);

            Assert.IsNotNull(userDn);

            // take a "snapshot" of the current RODC replication state.
            // We'll use this snapshot to impersonate earlier state of the RODC
            // AFTER the changes are replicated to the actual RODC.

            USN_VECTOR?            usnFrom   = null;
            UPTODATE_VECTOR_V1_EXT?utdVector = null;

            SnapshotReplicationState(dc1, rodc, NamingContext.DomainNC, out usnFrom, out utdVector);

            // modify Employee Number
            // The random value is the marker searched for in the reply further down.
            int newValue = _rnd.Next();

            DirectoryAttribute employeeNumberAttr = new DirectoryAttribute(attrName, newValue.ToString());

            r = ldapAdapter.ModifyAttribute(dc1, userDn, employeeNumberAttr);

            Assert.AreEqual <ResultCode>(ResultCode.Success, r);

            //ret = drsTestClient.DrsBind(rodcEnum, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            //Assert.IsTrue(ret == 0);
            ret = drsTestClient.DrsReplicaSync(rodcEnum, DrsReplicaSync_Versions.V1, dc1Enum, DRS_OPTIONS.DRS_ASYNC_OP, false, NamingContext.DomainNC);
            BaseTestSite.Assert.IsTrue(ret == 0, "Start replica from {0} to {1}.", dc1.NetbiosName, rodc.NetbiosName);

            // Wait until the change is replicated by the actual RODC

            bool replicated = false;

            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                // First, check the originating USNs on RODC to make sure the replication has completed.
                if (IsObjectReplicated(dc1, rodc, NamingContext.DomainNC, userDn))
                {
                    replicated = true;
                    break;
                }

                // sleep
                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }

            uint?outVersion;
            DRS_MSG_GETCHGREPLY?outMessage = null;

            // DRSBind
            // This bind goes to DC1 under the RODC machine account, so the request below is
            // evaluated with the RODC's identity rather than the domain admin's.
            DRS_EXTENSIONS_IN_FLAGS clientCapabilities
                = DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_STRONG_ENCRYPTION;

            ret = drsTestClient.DrsBind(dc1Enum, EnvironmentConfig.User.RODCMachineAccount, clientCapabilities);
            Assert.IsTrue(ret == 0);

            if (replicated)
            {
                // Request changes for the user from the snapshotted state; the false argument
                // sits in the position the sibling test marks as "request secrets".
                // NOTE(review): the return value stored in ret is overwritten by DrsUnbind below
                // without being asserted.
                ret = drsTestClient.DrsGetNCChangesV2(
                    dc1Enum,
                    dc1,
                    rodc,
                    userDn,
                    usnFrom.Value,
                    utdVector.Value,
                    false,
                    out outVersion,
                    out outMessage);
            }

            // remove the temp user
            ldapAdapter.DeleteObject(dc1, userDn);

            // DRSUnbind
            ret = drsTestClient.DrsUnbind(dc1Enum);
            Assert.IsTrue(ret == 0);

            BaseTestSite.Assert.IsTrue(replicated, "Replica from {0} succeeded.", dc1.NetbiosName);

            // Check in outMessage that the new employeeNumber value was filtered out of the reply.
            // NOTE(review): if the call left outMessage null, .Value throws here instead of
            // failing an assertion.
            DRS_MSG_GETCHGREPLY_V6 replyV6 = outMessage.Value.V6;

            REPLENTINFLIST[] objectList = replyV6.pObjects;

            // NOTE(review): the check passes vacuously when pObjects is null or no attribute maps
            // to employeeNumber; nothing asserts that the user object was returned at all.
            if (objectList != null)
            {
                foreach (REPLENTINFLIST entInf in objectList)
                {
                    for (int i = 0; i < entInf.Entinf.AttrBlock.attrCount; ++i)
                    {
                        ATTR   attr        = entInf.Entinf.AttrBlock.pAttr[i];
                        string displayName = GetLdapDisplayName(dc1, attr.attrTyp, replyV6.PrefixTableSrc);

                        if (displayName == attrName)
                        {
                            // examine the new value
                            // NOTE(review): pAVal[0] is read without a null or length check.
                            string value = System.Text.Encoding.Unicode.GetString(
                                attr.AttrVal.pAVal[0].pVal);

                            BaseTestSite.Assert.AreNotEqual <string>(
                                newValue.ToString(),
                                value,
                                "{0} is in FAS, should not be replicated", attrName);
                        }
                    }
                }
            }


            // FAS: Remove "Employee-Number" from the FAS
            // NOTE(review): searchFlags is set to "0" rather than to the value read before the
            // test changed it, and the result code in r is not checked.
            DirectoryAttribute searchAttr = new DirectoryAttribute(searchFlagsAttr, "0");

            r = ldapAdapter.ModifyAttribute(dc1, attrDn, searchAttr);
        }
        /// <summary>
        /// Creates a temporary user on WritableDC1, adds it to the "Allowed RODC Password
        /// Replication Group", sets its password, and then requests the user's changes from
        /// WritableDC1 while bound as the RODC machine account with secrets requested.
        /// The test asserts that at least one secret attribute in the reply carries a value.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the temporary user is deleted by a plain statement near the end.
        /// Assuming a failed assertion throws, an earlier failure leaves the user, its group
        /// membership and its known password in the directory.
        /// </remarks>
        public void DRSR_RODC_Credential_Caching_Revealed()
        {
            int timeOut = 0;

            DrsrTestChecker.Check();

            EnvironmentConfig.Machine rodcEnum = EnvironmentConfig.Machine.RODC;
            EnvironmentConfig.Machine dc1Enum  = EnvironmentConfig.Machine.WritableDC1;
            DsServer dc1  = (DsServer)EnvironmentConfig.MachineStore[dc1Enum];
            DsServer rodc = (DsServer)EnvironmentConfig.MachineStore[rodcEnum];

            // take a snapshot of the current replication state of the RODC
            USN_VECTOR?            usnFrom   = null;
            UPTODATE_VECTOR_V1_EXT?utdVector = null;

            SnapshotReplicationState(dc1, rodc, NamingContext.DomainNC, out usnFrom, out utdVector);


            // we need a user and put it into the Revealed List.
            // create the user first if it doesn't exist.
            // NOTE(review): nc is assigned but not read again in this method.
            string nc     = LdapUtility.GetDnFromNcType(dc1, NamingContext.DomainNC);
            string userDn = ldapAdapter.TestAddUserObj(dc1);

            Assert.IsNotNull(userDn);

            // add this user to the "Allowed RODC Password Replication Group"
            string allowedDn = "CN=Allowed RODC Password Replication Group, CN=Users,"
                               + LdapUtility.GetDnFromNcType(dc1, NamingContext.DomainNC);

            ResultCode r = ldapAdapter.AddObjectToGroup(dc1, userDn, allowedDn);

            Assert.IsTrue(r == ResultCode.Success);
            // Set password of the user
            // NOTE(review): the password is a literal in source; reading it from the test
            // configuration would keep the credential out of the code.
            LdapUtility.ChangeUserPassword(dc1, userDn, "1*admin");

            // wait until the object is replicated by the actual RODC
            bool replicated = false;

            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                if (IsObjectReplicated(dc1, rodc, NamingContext.DomainNC, userDn))
                {
                    replicated = true;
                    break;
                }

                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }

            // wait until the "Allowed RODC Password Replication Group object is replicated by the actual RODC
            // NOTE(review): replicated is reset here, so the outcome of the user-object wait
            // above is never asserted; only the group wait is checked.
            replicated = false;
            for (timeOut = 0; timeOut < kMaxTimeOut; ++timeOut)
            {
                if (IsObjectReplicated(dc1, rodc, NamingContext.DomainNC, allowedDn))
                {
                    replicated = true;
                    break;
                }

                System.Threading.Thread.Sleep(kMaxTimeoutInMilliseconds);
            }

            BaseTestSite.Assert.IsTrue(replicated, "{0} should be replicated to the RODC", allowedDn);

            // DRSBind
            // The bind goes to DC1 under the RODC machine account, so the secrets request
            // below is evaluated with the RODC's identity.
            DRS_EXTENSIONS_IN_FLAGS clientCapabilities
                = DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6
                  | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_STRONG_ENCRYPTION;

            uint ret = drsTestClient.DrsBind(dc1Enum, EnvironmentConfig.User.RODCMachineAccount, clientCapabilities);

            Assert.IsTrue(ret == 0);

            uint?outVersion;
            DRS_MSG_GETCHGREPLY?outMessage = null;

            // NOTE(review): the return value stored in ret is overwritten by DrsUnbind below
            // without being asserted.
            ret = drsTestClient.DrsGetNCChangesV2(
                dc1Enum,
                dc1,
                rodc,
                userDn,
                usnFrom.Value,
                utdVector.Value,
                true,  // request secrets
                out outVersion,
                out outMessage);

            // DRSUnbind
            ret = drsTestClient.DrsUnbind(dc1Enum);
            Assert.IsTrue(ret == 0);

            // Remove the temporary user before the reply is inspected.
            ldapAdapter.DeleteObject(dc1, userDn);

            // Inspect outMessage: at least one secret attribute is expected to carry a value.
            // NOTE(review): if the call left outMessage null, .Value throws here instead of
            // failing an assertion.
            DRS_MSG_GETCHGREPLY_V6 replyV6 = outMessage.Value.V6;

            REPLENTINFLIST[] objectList = replyV6.pObjects;

            bool   secretFound         = false;
            string firstSecretAttrbute = null;

            // NOTE(review): unlike DRSR_RODC_FAS_Add_Attribute, objectList is not null-checked
            // before the loop, so a reply without objects raises a null-reference error rather
            // than the assertion message below.
            foreach (REPLENTINFLIST entInf in objectList)
            {
                for (int i = 0; i < entInf.Entinf.AttrBlock.attrCount; ++i)
                {
                    ATTR attr = entInf.Entinf.AttrBlock.pAttr[i];
                    // The out argument is passed on every call, so the name reported in the
                    // assertion is whatever the last call wrote; presumably not always the
                    // first secret attribute. Verify against IsSecretAttribute.
                    if (IsSecretAttribute(dc1, attr.attrTyp, replyV6.PrefixTableSrc, out firstSecretAttrbute))
                    {
                        // A secret attribute counts only when its value array is present.
                        if (attr.AttrVal.pAVal != null)
                        {
                            secretFound = true;
                        }
                    }
                }
            }

            BaseTestSite.Assert.IsTrue(
                secretFound,
                "Secret attribute {0} should appear in the response when user is in the revealed list",
                firstSecretAttrbute);
        }
        /// <summary>
        /// Binds to WritableDC1 as ParentDomainAdmin, calls DrsVerifyNames (V1 request,
        /// DRS_VERIFY_SAM_ACCOUNT_NAMES) with a DSNAME built from that admin's
        /// sAMAccountName only, then unbinds. Each of the three calls is asserted to return 0.
        /// </summary>
        public void DRSR_DRSVerifyNames_Verify_SAM_Account_Names()
        {
            DrsrTestChecker.Check();

            // Target DC, its server record, and the account whose name is verified.
            EnvironmentConfig.Machine targetDc = EnvironmentConfig.Machine.WritableDC1;
            DsServer dcInfo = (DsServer)EnvironmentConfig.MachineStore[targetDc];
            DsUser adminUser = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint bindStatus = drsTestClient.DrsBind(
                targetDc,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            BaseTestSite.Assert.AreEqual<uint>(0, bindStatus, "IDL_DRSBind: should return 0 with a success bind to DC");

            // Build the DSNAME from the sAMAccountName, with an empty GUID and a null third argument.
            string adminDn = ldapAdapter.GetUserDn(dcInfo, adminUser);
            string samName = (string)ldapAdapter.GetAttributeValue(dcInfo, adminDn, "sAMAccountName");
            DSNAME samDsName = DrsuapiClient.CreateDsName(samName, Guid.Empty, null);

            SCHEMA_PREFIX_TABLE prefixes = OIDUtility.CreatePrefixTable();

            // Required-attributes block: a single RDN attribute carrying one ATTRVAL built from null.
            uint rdnAttid = OIDUtility.MakeAttid(prefixes, DRSConstants.RDN_OID);

            ATTRVAL emptyValue = DrsuapiClient.CreateATTRVAL(null);
            ATTRVALBLOCK valueBlock = DrsuapiClient.CreateATTRVALBLOCK(new ATTRVAL[] { emptyValue });
            ATTR rdnAttr = DrsuapiClient.CreateATTR(rdnAttid, valueBlock);
            ATTRBLOCK requiredAttrs = DrsuapiClient.CreateATTRBLOCK(new ATTR[] { rdnAttr });

            // The RPC under test.
            uint verifyStatus = drsTestClient.DrsVerifyNames(
                targetDc,
                dwInVersion_Values.V1,
                DRS_MSG_VERIFYREQ_V1_dwFlags_Values.DRS_VERIFY_SAM_ACCOUNT_NAMES,
                new DSNAME[] { samDsName },
                new string[] { adminDn },
                requiredAttrs,
                prefixes);

            BaseTestSite.Assert.AreEqual<uint>(0, verifyStatus, "IDL_DRSVerifyNames: return value should be 0");

            // Release the DRS context handle.
            uint unbindStatus = drsTestClient.DrsUnbind(targetDc);

            BaseTestSite.Assert.AreEqual<uint>(0, unbindStatus, "IDL_DRSUnbind: return value should be 0");
        }